B3: Privacy Is a Business Continuity Issue Too
Steve Ross, Risk Masters, Inc.
Business Continuity Managers should be concerned about data privacy. Every Business Continuity Plan that contains contact information for key managers and staff is a potential privacy violation unless specific safeguards are observed. Moreover, the files that are used for backup and recovery are subject to the same privacy requirements (such as the right to be forgotten) as the primary databases. Also, responding to privacy breaches can be very disruptive. Organizations should prepare for minimizing the impact of system unavailability, investigations, audits, and access limitations on normal business operations. This presentation will address these and other issues and offer practical guidance on implementing measures to comply with recent legislation and to ensure that the Business Continuity Management function is not contributing to an organization’s privacy exposure. These include identification of repositories of personally identifiable information (PII), assessment of the uses to which they are put, obtaining consent from those whose contact information is needed for recovery, and monitoring the use of relevant files.
B4: Focusing Your Executives’ New Appreciation for Business Resilience Post-COVID
Grace Burley, Witt O’Brien’s
How many pandemic scenarios had we all written prior to 2020? While Global Pandemic has always been on our collective crisis management and business continuity planner radar, we now have management’s full attention. So how do we leverage it?
C2: Conducting Joint BC/DR Testing With Third-Party Service Providers and What to Do If They Don’t Offer Joint Testing
Carlo Kelejian, Continuity Innovations
Third-party service providers deliver critical services to organizations and joint BC/DR testing should be included in your enterprise-wide exercise and BC/DR testing program. Organizations need assurance that all third-party service providers they decide to partner with are resilient, reliable, and transparent. Also, they should have adequate plans put in place, sound risk management programs, solid infrastructure, and personnel to restore critical outsourced services consistent with business and contractual requirements. In this session, we will discuss how to work with your third-party service providers to conduct joint BC/DR tests to validate the effectiveness of their BC/DR plans. We will also cover what to do if your third-party service providers do not offer joint testing. Attend this session to explore the steps you can take to mitigate risks associated with outsourcing critical services.
D2: Data-Driven Decision-Making: How Operational Resilience Helps to Make Smarter Decisions
Tejas Katwala, Continuity Logic
Organizations now have more access to operational data than ever before. But what happens to this data – do you let it degrade over time, or are you using it to improve resilience and decision making?
E1: Organizational Resilience Is Hard: The Soft Skills to Make It a Success
Alex Fullick, Stone Road
COVID has proven that to be resilient you must look beyond usual ‘response’ mechanisms – BCM, IT DRP, Incident Management, Crisis Management – and look at the secret to the success of resiliency: people. We must understand people, their well-being, empowerment, contribution, and their own level of resilience.